Did domain name registrar GoDaddy have a credit card security breach that they’re not telling anyone about? That’s what Reader Newcxns thinks. Two weeks ago, one of his Citi cards was replaced. One week later, another. The only thing Citi would tell him is that “a merchant” reported a possible data breach. No merchant has sent any data breach reports to Newcxns. In typical fashion, banks and vendors like to hide it when their security systems fail and compromise your account information.
The only merchant in common on the two cards? GoDaddy.
Don’t merchants have an obligation to tell their customers about their failure to secure the account information their customers have entrusted them with?
UPDATE: In the comments, GoDaddy says there was no breach.
My name is LaTrisha and I work in the GoDaddy.com Fraud Detection Unit. We noticed your posting and immediately reviewed our records. We found no breach on our end. As you might guess, we can not comment on other merchants’ situations but can assure you the problem was not with the customer’s GoDaddy.com account.